[BrightOne]

My tailnet is set up using a GitHub organization, without using Google at all. I have sufficient security (2FA with security keys, etc.) enforced for it. I think that hand-rolling their own auth would not be a great idea just yet, while they are still ironing out other features.

[ev1]

The only choices being MS or Google for auth, both with trigger happy defence mechanisms, is kind of annoying though.

[dijit]

There are more options than that, and I see your point.

To take the contrarian stance though: SSO not being paid is kinda nice, and not having yet another password for something is nice. —- double and: then not being able to leak a password or handle 2FA, instead focusing on their actual product.

[ev1]

For free users, it's pretty much just G, MS, and GH (which is currently the only "tolerable" one, but there's no reason why it won't turn into a MS account in the future just like how they killed Minecraft)

[cadamsau]

If GH accounts turn into MS accounts, that's a sure sign it's time to take your repos elsewhere, because the wrong people are in charge.

Might mean a little more work to help reimplement GH features in the platform of choice. Not everyone will leave.

But it'll be great for the diversity of the internet.

[GoOnThenDoTell]

So 4 years tops?